[Snort-devel] preprocessor flow-portscan

Kevin Amorin kevmcs11 at ...398...
Wed Feb 4 12:09:01 EST 2004


Hello,
    With the direction of Chris Green I've been trying
to track down a 'bug' in flow-portscan alert-mode all.
 While in alert mode all, it seems the alert_flag
variable is never being reset after the first alert.  

After some debugging any value set in the function
flowps_reset_alert_flags in flowps.c on the variable
alert_flags does not stay set.  I have tried setting 

alert_flag = & sep->alert_flags (via Chris)

and passing it by reference to no avail.  Is anyone
using alert-mode all, and if so do you see similar
behavior?



Thanks
Kevin


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/




More information about the Snort-devel mailing list